diff --git a/builtin/providers/aws/resource_aws_instance.go b/builtin/providers/aws/resource_aws_instance.go index 4c818af705..837be6c877 100644 --- a/builtin/providers/aws/resource_aws_instance.go +++ b/builtin/providers/aws/resource_aws_instance.go @@ -427,6 +427,7 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error { bd := v.(map[string]interface{}) ebs := &ec2.EBSBlockDevice{ DeleteOnTermination: aws.Boolean(bd["delete_on_termination"].(bool)), + Encrypted: aws.Boolean(bd["encrypted"].(bool)), } if v, ok := bd["snapshot_id"].(string); ok && v != "" { diff --git a/builtin/providers/aws/resource_aws_instance_test.go b/builtin/providers/aws/resource_aws_instance_test.go index 3c91e94a1e..6cb7072b38 100644 --- a/builtin/providers/aws/resource_aws_instance_test.go +++ b/builtin/providers/aws/resource_aws_instance_test.go @@ -128,6 +128,11 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { fmt.Errorf("block device doesn't exist: /dev/sdc") } + // Check if the encrypted block device exists + if _, ok := blockDevices["/dev/sdd"]; !ok { + fmt.Errorf("block device doesn't exist: /dev/sdd") + } + return nil } } @@ -149,7 +154,7 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { resource.TestCheckResourceAttr( "aws_instance.foo", "root_block_device.0.volume_type", "gp2"), resource.TestCheckResourceAttr( - "aws_instance.foo", "ebs_block_device.#", "2"), + "aws_instance.foo", "ebs_block_device.#", "3"), resource.TestCheckResourceAttr( "aws_instance.foo", "ebs_block_device.2576023345.device_name", "/dev/sdb"), resource.TestCheckResourceAttr( 
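Review bot: In the `@@ -427` hunk of resource_aws_instance.go, `Encrypted` is now sent for every EBS mapping, including an explicit false on mappings that also set `snapshot_id` in the branch just below. As far as I know, EC2 has rejected block device mappings that carry both an encrypted flag and a snapshot ID, so snapshot-backed devices may start failing at create time; this should be confirmed against the API. The bare assertion `bd["encrypted"].(bool)` also panics if the key is missing or nil, and the schema entry for `encrypted` is not part of this diff, so its default cannot be checked from here. Setting the field only when it is requested avoids both: `if v, ok := bd["encrypted"].(bool); ok && v { ebs.Encrypted = aws.Boolean(v) }`. resourceAwsInstanceCreate starts and ends outside the hunk.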
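Review bot: The new `/dev/sdd` check in the `@@ -128` hunk of resource_aws_instance_test.go can never fail, because the error built by `fmt.Errorf` is discarded; it should read `return fmt.Errorf("block device doesn't exist: /dev/sdd")`. The `/dev/sdc` context line above it has the same problem. Even with the return, this only proves the device is present. The `encrypted` = `"true"` assertion added in the `@@ -164` hunk reads the resource attribute, and nothing visible in this diff checks the encryption status that EC2 reports for the volume. Depending on how the read path fills that attribute, which is not shown, a regression that silently drops the flag might still pass. The enclosing check function starts outside the hunk.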
@@ -164,6 +169,12 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { "aws_instance.foo", "ebs_block_device.2554893574.volume_type", "io1"), resource.TestCheckResourceAttr( "aws_instance.foo", "ebs_block_device.2554893574.iops", "100"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.device_name", "/dev/sdd"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.encrypted", "true"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.volume_size", "12"), resource.TestCheckResourceAttr( "aws_instance.foo", "ephemeral_block_device.#", "1"), resource.TestCheckResourceAttr( @@ -546,7 +557,11 @@ const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 ami = "ami-55a7ea65" - instance_type = "m1.small" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" root_block_device { volume_type = "gp2" @@ -562,6 +577,14 @@ resource "aws_instance" "foo" { volume_type = "io1" iops = 100 } + + # Encrypted ebs block device + ebs_block_device { + device_name = "/dev/sdd" + volume_size = 12 + encrypted = true + } + ephemeral_block_device { device_name = "/dev/sde" virtual_name = "ephemeral0"